actionview 6.1.7.2 → 6.1.7.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +27 -0
  3. data/lib/action_view/gem_version.rb +1 -1
  4. data/lib/assets/compiled/rails-ujs.js +36 -5
  5. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: af22af09202888663076683fcede2d6ff78cc16a5b53f046e9b14031dedd8832
4
- data.tar.gz: 489ff31631f8e0a5e7f33814602ce9583489b5b89f2215a1d69558aa359807fa
3
+ metadata.gz: f6ed9e24a774e9e4f1c79332ce2f6c80cd40823a0bcc15f160ca415ea365a1b1
4
+ data.tar.gz: 434ec5472bbaddb2973415fc662b3e46e471b3210c5426d5b09b4ab625245c9f
5
5
  SHA512:
6
- metadata.gz: 6c47f081dc4eea3b451febb506c4173cba87e81ef87519bd6b98311327a49627824f15f94e9da2f10f67f6115f0a12c985882897864dfce5b970bbe313ad1d8d
7
- data.tar.gz: cf4dd94d64857da8e8b4a197fbe725645c268b9ac770bd9a354b0dfdcd2bfbf7a7a6d1bdffea735527fa8286e6a7ff00651cffb3374f6ebdba80598c1439c47e
6
+ metadata.gz: efe68a6b0c038a00d866006ba010cad70b41ccf6f38c32ef0773713f5951e671a6ec16d908063519c851513523f60b0d10e23b2443f5184d93f7f539cde81688
7
+ data.tar.gz: 138bb777d4d79eb8a4ebd1aac456ebf1c85db5e7d59f53080dd8d339dd589f038255ed2b0c5e3439a763ceaca7c63049b10a8699fe02077c61f016e27dd31e66
data/CHANGELOG.md CHANGED
@@ -1,3 +1,30 @@
1
+ ## Rails 6.1.7.7 (February 21, 2024) ##
2
+
3
+ * No changes.
4
+
5
+
6
+ ## Rails 6.1.7.6 (August 22, 2023) ##
7
+
8
+ * No changes.
9
+
10
+
11
+ ## Rails 6.1.7.5 (August 22, 2023) ##
12
+
13
+ * No changes.
14
+
15
+
16
+ ## Rails 6.1.7.4 (June 26, 2023) ##
17
+
18
+ * No changes.
19
+
20
+
21
+ ## Rails 6.1.7.3 (March 13, 2023) ##
22
+
23
+ * Ignore certain data-* attributes in rails-ujs when element is contenteditable
24
+
25
+ [CVE-2023-23913]
26
+
27
+
1
28
  ## Rails 6.1.7.2 (January 24, 2023) ##
2
29
 
3
30
  * No changes.
data/lib/action_view/gem_version.rb CHANGED
@@ -10,7 +10,7 @@ module ActionView
10
10
  MAJOR = 6
11
11
  MINOR = 1
12
12
  TINY = 7
13
- PRE = "2"
13
+ PRE = "7"
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
data/lib/assets/compiled/rails-ujs.js CHANGED
@@ -73,6 +73,22 @@ Released under the MIT license
73
73
  return element[expando][key] = value;
74
74
  };
75
75
 
76
+ Rails.isContentEditable = function(element) {
77
+ var isEditable;
78
+ isEditable = false;
79
+ while (true) {
80
+ if (element.isContentEditable) {
81
+ isEditable = true;
82
+ break;
83
+ }
84
+ element = element.parentElement;
85
+ if (!element) {
86
+ break;
87
+ }
88
+ }
89
+ return isEditable;
90
+ };
91
+
76
92
  Rails.$ = function(selector) {
77
93
  return Array.prototype.slice.call(document.querySelectorAll(selector));
78
94
  };
@@ -395,9 +411,9 @@ Released under the MIT license
395
411
 
396
412
  }).call(this);
397
413
  (function() {
398
- var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isXhrRedirect, matches, setData, stopEverything;
414
+ var disableFormElement, disableFormElements, disableLinkElement, enableFormElement, enableFormElements, enableLinkElement, formElements, getData, isContentEditable, isXhrRedirect, matches, setData, stopEverything;
399
415
 
400
- matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements;
416
+ matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, stopEverything = Rails.stopEverything, formElements = Rails.formElements, isContentEditable = Rails.isContentEditable;
401
417
 
402
418
  Rails.handleDisabledElement = function(e) {
403
419
  var element;
@@ -417,6 +433,9 @@ Released under the MIT license
417
433
  } else {
418
434
  element = e;
419
435
  }
436
+ if (isContentEditable(element)) {
437
+ return;
438
+ }
420
439
  if (matches(element, Rails.linkDisableSelector)) {
421
440
  return enableLinkElement(element);
422
441
  } else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formEnableSelector)) {
@@ -429,6 +448,9 @@ Released under the MIT license
429
448
  Rails.disableElement = function(e) {
430
449
  var element;
431
450
  element = e instanceof Event ? e.target : e;
451
+ if (isContentEditable(element)) {
452
+ return;
453
+ }
432
454
  if (matches(element, Rails.linkDisableSelector)) {
433
455
  return disableLinkElement(element);
434
456
  } else if (matches(element, Rails.buttonDisableSelector) || matches(element, Rails.formDisableSelector)) {
@@ -513,10 +535,12 @@ Released under the MIT license
513
535
 
514
536
  }).call(this);
515
537
  (function() {
516
- var stopEverything;
538
+ var isContentEditable, stopEverything;
517
539
 
518
540
  stopEverything = Rails.stopEverything;
519
541
 
542
+ isContentEditable = Rails.isContentEditable;
543
+
520
544
  Rails.handleMethod = function(e) {
521
545
  var csrfParam, csrfToken, form, formContent, href, link, method;
522
546
  link = this;
@@ -524,6 +548,9 @@ Released under the MIT license
524
548
  if (!method) {
525
549
  return;
526
550
  }
551
+ if (isContentEditable(this)) {
552
+ return;
553
+ }
527
554
  href = Rails.href(link);
528
555
  csrfToken = Rails.csrfToken();
529
556
  csrfParam = Rails.csrfParam();
@@ -545,10 +572,10 @@ Released under the MIT license
545
572
 
546
573
  }).call(this);
547
574
  (function() {
548
- var ajax, fire, getData, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything,
575
+ var ajax, fire, getData, isContentEditable, isCrossDomain, isRemote, matches, serializeElement, setData, stopEverything,
549
576
  slice = [].slice;
550
577
 
551
- matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement;
578
+ matches = Rails.matches, getData = Rails.getData, setData = Rails.setData, fire = Rails.fire, stopEverything = Rails.stopEverything, ajax = Rails.ajax, isCrossDomain = Rails.isCrossDomain, serializeElement = Rails.serializeElement, isContentEditable = Rails.isContentEditable;
552
579
 
553
580
  isRemote = function(element) {
554
581
  var value;
@@ -566,6 +593,10 @@ Released under the MIT license
566
593
  fire(element, 'ajax:stopped');
567
594
  return false;
568
595
  }
596
+ if (isContentEditable(element)) {
597
+ fire(element, 'ajax:stopped');
598
+ return false;
599
+ }
569
600
  withCredentials = element.getAttribute('data-with-credentials');
570
601
  dataType = element.getAttribute('data-type') || 'script';
571
602
  if (matches(element, Rails.formSubmitSelector)) {
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.7.2
4
+ version: 6.1.7.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-01-25 00:00:00.000000000 Z
11
+ date: 2024-02-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 6.1.7.2
19
+ version: 6.1.7.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 6.1.7.2
26
+ version: 6.1.7.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
92
92
  requirements:
93
93
  - - '='
94
94
  - !ruby/object:Gem::Version
95
- version: 6.1.7.2
95
+ version: 6.1.7.7
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
100
  - - '='
101
101
  - !ruby/object:Gem::Version
102
- version: 6.1.7.2
102
+ version: 6.1.7.7
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: activemodel
105
105
  requirement: !ruby/object:Gem::Requirement
106
106
  requirements:
107
107
  - - '='
108
108
  - !ruby/object:Gem::Version
109
- version: 6.1.7.2
109
+ version: 6.1.7.7
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - '='
115
115
  - !ruby/object:Gem::Version
116
- version: 6.1.7.2
116
+ version: 6.1.7.7
117
117
  description: Simple, battle-tested conventions and helpers for building web pages.
118
118
  email: david@loudthinking.com
119
119
  executables: []
@@ -239,10 +239,10 @@ licenses:
239
239
  - MIT
240
240
  metadata:
241
241
  bug_tracker_uri: https://github.com/rails/rails/issues
242
- changelog_uri: https://github.com/rails/rails/blob/v6.1.7.2/actionview/CHANGELOG.md
243
- documentation_uri: https://api.rubyonrails.org/v6.1.7.2/
242
+ changelog_uri: https://github.com/rails/rails/blob/v6.1.7.7/actionview/CHANGELOG.md
243
+ documentation_uri: https://api.rubyonrails.org/v6.1.7.7/
244
244
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
245
- source_code_uri: https://github.com/rails/rails/tree/v6.1.7.2/actionview
245
+ source_code_uri: https://github.com/rails/rails/tree/v6.1.7.7/actionview
246
246
  rubygems_mfa_required: 'true'
247
247
  post_install_message:
248
248
  rdoc_options: []
@@ -260,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
260
260
  version: '0'
261
261
  requirements:
262
262
  - none
263
- rubygems_version: 3.4.3
263
+ rubygems_version: 3.2.22
264
264
  signing_key:
265
265
  specification_version: 4
266
266
  summary: Rendering framework putting the V in MVC (part of Rails).